CVE-2024-42233
CVE-2024-42233 concerns a Linux kernel issue in filemap_fault_recheck_pte_none() where a stale PTL could lead to a use-after-free after pte_unmap(). The fix replaces pte_offset_map() with pte_offset_map_nolock(), removing reliance on the PTL to protect the page table. Exploitation details are not...
CVE-2024-42266
CVE-2024-42266 relates to the Linux kernel btrfs module. The issue stems from the cow_file_range_inline() path not honoring the folio lock state on error, which can lead to an assertion panic or kernel bug when a folio becomes unlocked during buffered write handling in __extent_writepage()/extent...
CVE-2024-56668
The CVE-2024-56668 issue affects the Linux kernel iommu/vt-d path where qi_batch could be NULL for nested parent domains, risking a kernel NULL pointer dereference and a potential memory leak due to lack of locking around domain->qi_batch allocation. The root cause is that qi_batch was not all...
CVE-2024-57877
The CVE is a Linux kernel arm64 flaw in ptrace NT_ARM_POE handling (poe_set): a temporary ctrl value is not initialized, so a zero-length SETREGSET can write an uninitialized value into target->thread.por_el0, potentially leaking up to 64 bits from the kernel stack. The patch fixes this by ini...
CVE-2024-57914
CVE-2024-57914: In the Linux kernel, a NULL pointer dereference can occur in the usb: typec: tcpci code when two Type‑C ports share one IRQ. The tcpci_irq() handler may dereference a NULL regmap if an interrupt arrives for the second port before its tcpci_register_port() completes, leading to an...
CVE-2024-57985
Technical details for CVE-2024-57985 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2024-58021
Technical details about CVE-2024-58021 (affected components, root cause, impact, and fix specifics) are not provided in the supplied documents; monitor for updates.
CVE-2025-38038
CVE-2025-38038 affects the Linux kernel, specifically the cpufreq/amd-pstate implementation. The issue arises from an unnecessary driver-wide mutex in set_boost for per-policy calls, creating a potential deadlock with status_store mutex_acquire in the mode-switch path. SUSE’s openSUSE-SU-2025-200...
CVE-2025-38205
CVE-2025-38205 affects the Linux kernel’s DRM AMD display path. The root cause is a divide-by-zero risk in downstream code caused by uninitialized dummy pitch values in populate_dummy_dml_surface_cfg(); the fix initializes the dummy pitch to 1 to prevent division by zero in CalculateVMAnd...
CVE-2025-38274
The CVE-2025-38274 issue affects the Linux kernel FPGA subsystem, specifically fpga_mgr_test_img_load_sgt(). The root cause was an allocation of sgt with kunit_kzalloc() without verifying success; later __sg_alloc_table() called memset() on sgt, causing a NULL pointer dereference if allocation fa...
CVE-2025-38278
CVE-2025-38278 affects the Linux kernel’s octeontx2-pf QoS code path. The issue arises in the TC_HTB_LEAF_DEL_LAST callback handling, where on reboot the interface can reassign the same HTB leaf queue to its parent while still updating the number of queues, triggering the warning “New queues can'...
CVE-2025-38295
Consolidated data shows CVE-2025-38295 affects the Linux kernel Amlogic Meson DDR PMU driver (meson_ddr_pmu_create) where smp_processor_id() was used in a preemptible context. This caused kernel warnings during module loading. The root cause is unsafe CPU-ID retrieval in preemptible code; the fix...
CVE-2025-38539
CVE-2025-38539 affects the Linux kernel tracing subsystem. The issue arises when a module loads trace events and may modify module printk formats to replace enum names with values; if two modules load concurrently, the addition of the event to the ftrace_events list can corrupt list walking and c...
CVE-2025-38644
CVE-2025-38644 is a Linux kernel issue in the MAC80211 Wi‑Fi code. When a station not yet associated sent NL80211_TDLS_ENABLE_LINK, TDLS was processed before association, leaving sdata->u.mgd.tdls_peer uninitialized and triggering a WARN_ON() in code paths that expected a valid TDLS peer. The ...
CVE-2025-39718
CVE-2025-39718 is a Linux kernel vulnerability in vsock/virtio packet handling. The issue arises when receiving a VSock packet in a guest: only the virtqueue buffer size was previously validated before virtio_vsock_skb_rx_put(), but the function uses the packet header length as the skb_put...
CVE-2026-22990
CVE-2026-22990 affects the Linux kernel libceph component, where an overzealous BUG_ON in osdmap_apply_incremental() could misreact to a maliciously corrupted incremental osdmap epoch. The mitigation is to treat such an incongruent incremental osdmap as invalid rather than triggering a BUG. Conne...
CVE-1999-0414
The vulnerability CVE-1999-0414 affects Linux prior to 2.0.36, where remote attackers could spoof a TCP connection and pass data to the application layer before the three-way handshake completes. The root issue is the TCP connection handling that allows data to be injected prior to full establish...
CVE-1999-1285
CVE-1999-1285 affects Linux kernels 2.1.132 and earlier. A local attacker can cause a denial of service by reading a large buffer from a random device (e.g., /dev/urandom) that cannot be interrupted until the read completes. The provided documents specify the vulnerability and impact (resource ex...
CVE-2001-0907
CVE-2001-0907 affects Linux kernel 2.2.1–2.2.19 and 2.4.1–2.4.10. Local users can cause a denial of service by triggering a series of deeply nested symlinks, causing the kernel to spend excessive time when accessing the link. The provided documents do not specify a concrete remediation or patched...
CVE-2003-0187
The CVE pertains to the Netfilter connection-tracking core in Linux 2.4.20 where CONFIG_IP_NF_CONNTRACK or ip_conntrack causes DoS. Technical details in the connected records show a change in the linked-list API handling that affects UNCONFIRMED connections: Netfilter could fail to identify such ...
CVE-2004-0596
The vulnerability CVE-2004-0596 affects the Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7. The root cause is a null dereference triggered when a non-existent device name is used, leading to local denial of service. Affected component: eql.c within...
CVE-2007-1734
CVE-2007-1734 is a Linux kernel vulnerability in the DCCP path: do_dccp_getsockopt does not verify the upper bounds of optlen in net/dccp/proto.c for 2.6.20 and later, enabling local attackers on some architectures to read kernel memory or cause a kernel oops. Public detail confirms affected prod...
CVE-2008-3247
Technical details for CVE-2008-3247 are not provided in the supplied documents. Monitor for updates.
CVE-2016-10293
CVE-2016-10293 is an information-disclosure flaw in the Qualcomm video driver on Android (Kernel-3.10). A local malicious app could access data beyond its permissions by exploiting the driver when a privileged process is compromised. The vulnerability is listed for Nexus 5X, Nexus 6P, and Android...
CVE-2016-8395
CVE-2016-8395 - NVIDIA Camera driver (Android): A stack-allocated buffer overwrite in the NVIDIA Camera component of the Tegra/Android kernel can allow a local attacker to cause a permanent local DoS or privilege escalation. The vulnerability is local (AV:L, PR:H) with high impact on availabilit...
CVE-2016-8419
CVE-2016-8419 is a local elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver affecting Android. The issue could allow a local malicious application to execute arbitrary code in the kernel context by exploiting the Qualcomm Wi‑Fi driver. Affected components/files are tied to the Andr...
CVE-2016-8442
CVE-2016-8442 describes a memory access vulnerability in the Android kernel (version 3.18) allowing a local attacker to access hypervisor memory due to insufficient input validation. Impact is local and memory confidentiality/integrity/availability can be affected. Mitigation is via Android secur...
CVE-2016-8443
CVE-2016-8443 details (from provided documents): Android kernel 3.18 vulnerability that could allow possible unauthorized memory access in the hypervisor. The issue arises from an incorrect configuration that provides access to subsystem page tables. Affected product: Android; kernel version: 3.1...
CVE-2016-8457
CVE-2016-8457 is a vulnerability in the Broadcom Wi‑Fi driver on Android. It enables a local, malicious application to gain elevated privileges by executing arbitrary code in the kernel context. The issue requires compromising a privileged process and is classified as High severity (CVSSv3.0: Loc...
CVE-2016-8475
CVE-2016-8475 describes an information-disclosure vulnerability in the HTC input driver on Android platforms running kernel 3.18. A local malicious application could access data outside its normal permission set after compromising a privileged process. The issue is documented as affecting Android...
CVE-2017-0334
CVE-2017-0334 is an information-disclosure vulnerability in the NVIDIA GPU driver affecting Android on kernel 3.18 (Android ID A-33245849) where a local malicious app could access data outside its permission levels. The provided documents state the issue is an information disclosure with high imp...
CVE-2017-0335
CVE-2017-0335 affects the NVIDIA GPU driver on Android (Kernel-3.18) with a local elevation of privilege that could allow a malicious app to execute code in the kernel. Public details in the Android 2017-03-01/03-05 security bulletins indicate this vulnerability is addressed by patches delivered ...
CVE-2017-0337
CVE-2017-0337 describes a local privilege-escalation in the NVIDIA GPU driver affecting Android on Kernel-3.18. The vulnerability could let a local malicious process execute code in kernel context, potentially enabling a permanent device compromise that might require reflashing the OS to repair. Th...
CVE-2017-0438
CVE-2017-0438 is a local elevation-of-privilege issue in the Qualcomm Wi‑Fi driver for Android, enabling a local malicious app to run code in the kernel context. The vulnerability is tied to the Qualcomm Wi‑Fi stack and is listed under Android kernel versions 3.10 and 3.18 with Android IDs A-3240...
CVE-2017-0458
CVE-2017-0458 is an elevation of privilege in the Qualcomm camera driver affecting Android on kernel-3.18. The vulnerability allows a local malicious application to run arbitrary code in kernel context, requiring compromise of a privileged process to exploit. Public references in CNVD/NVD indicat...
CVE-2017-0459
CVE-2017-0459 describes an information-disclosure vulnerability in the Qualcomm Wi‑Fi driver on Android (kernel 3.18). The flaw could allow a local malicious application to access data outside its permissions, and is categorized as Moderate because exploitation requires compromising a privileged ...
CVE-2017-0516
CVE-2017-0516 is described as an elevation of privilege in the Qualcomm input hardware driver that could enable a local malicious app to execute code in the kernel context on Android devices. Public sources consistently list affected products as Android with kernel versions 3.10 and 3.18; Android...
CVE-2017-0518
Summary: CVE-2017-0518 is an elevation of privilege in the Qualcomm fingerprint sensor driver on Android, enabling a local attacker to execute arbitrary code in kernel context. The affected component is the Qualcomm fingerprint sensor driver (kernel version 3.18 on Android). The issue requires co...
CVE-2017-0567
CVE-2017-0567 refers to an elevation-of-privilege flaw in the Broadcom Wi‑Fi driver on Android, allowing a local malicious app to run arbitrary code in the kernel context. The issue is triggered after compromising a privileged process and affects Android devices with kernel versions 3.10 and 3.18...
CVE-2017-0622
CVE-2017-0622 targets the Goodix touchscreen driver in Android, enabling local elevation of privilege to execute code in the kernel via a compromised privileged process. Public details specify Android kernel 3.10 and the Goodix driver as the vulnerable component, with high impact (kernel context ...
CVE-2022-48819
Summary: CVE-2022-48819 affects the Linux kernel TCP path. When mixing sendpage() data and MSG_ZEROCOPY via the same socket, a warning in inet_sock_destruct() (sk_forward_alloc_get(sk)) could be triggered, due to the sendpage() path being forgotten in zerocopy handling and the need to keep zeroco...
CVE-2022-49883
CVE-2022-49883 is a Linux kernel KVM x86 vulnerability related to SMM handling. The issue arises because the number of general purpose registers (GPRs) used for the SMRAM image depends on the image format. On 64‑bit hosts, if the guest lacks X86_FEATURE_LM, KVM may access 16 GPRs for a 32‑bit SMR...
CVE-2022-50350
The CVE-2022-50350 issue affects the Linux kernel’s iSCSI target login path. A race between login_work and the login thread can occur when a malicious initiator sends data immediately after a login PDU. If LOGIN_FLAGS_INITIAL_PDU isn’t cleared due to no further PDU exchanges, the login_work threa...
CVE-2023-20682
CVE-2023-20682 affects the MediaTek wlan component, describing an out-of-bounds write caused by an integer overflow that could enable local privilege escalation with system execution privileges required. User interaction is not needed. A patch is noted: ALPS07441605 (Issue ALPS07441605). Connecte...
CVE-2024-57989
CVE-2024-57989: In the Linux kernel, the wifi driver for mt76 mt7925 had a NULL pointer dereference in mt7925_change_vif_links because devm_kzalloc() could return NULL and its result was not checked. The vulnerability is described as a local, low-privilege issue with high potential impact to ava...
CVE-2024-58073
CVE-2024-58073 affects the Linux kernel component drm/msm/dpu, where dpu_plane_atomic_print_state() could dereference NULL when the pipe state is dumped without a corresponding atomic_check() and pipe->sspp is assigned. The issue is resolved by adding a validation check for sspp in the dpu pla...
CVE-2025-21777
CVE-2025-21777 affects the Linux kernel ring-buffer metadata validation. The vulnerability stems from the subbuf index array (reader page and subbuffer order) potentially containing duplicates, which the validator did not check. If duplicates exist on the writer side, the ring buffer link list co...
CVE-2025-38042
CVE-2025-38042 concerns the Linux kernel DMA engine for TI k3-udma-glue. The issue stems from relying on the skip_fdq argument in k3_udma_glue_reset_rx_chn(); on some platforms there is a single FDQ for all RX flows, while others have a separate FDQ per flow. The fix infers FDQ behavior from the ...
CVE-2025-38168
CVE-2025-38168 is a Linux kernel issue described as: when provisioning an NI device, a resource allocation failure in one clock domain must rollback all previously registered perf PMUs in other clock domains; otherwise a kernel panic can occur. The connected SUSE/OpenSUSE advisory confirms this C...
CVE-2025-38269
CVE-2025-38269 affects the Linux kernel, specifically the btrfs path. In btrfs_convert_extent_bit(), if insert_state() fails and CONFIG_BUG is disabled, the code falls through to cache_state() and dereferences the error pointer, causing an invalid ...